How hard is it to launch a distributed denial-of-service (DDoS) attack?

Ethical Hactivist Dos Attacks

Sam Bowne Instructor, City College San Francisco
Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete Http requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker.
I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011).

Low orbit ion cannon (LOIC) DDoS attack tool provided by annonymous will not obscure your IP address from the sites you attack. LOIC is just one of many DDoS tools now available for online use, downloading, or renting.

DDoS tools includes "single user flooding tools, small host booters, shell booters, remote access Trojans (RATs) with
flooding capabilities, simple DDoS bots, complex DDoS bots, and some commercial DDoS services.Many types of threats can be blended into any given tool in order to make the tool more attractive and financially lucrative"--as in, profitable for whoever's renting out the DDoS capabilities.

Download Encrypted VPN Virtual Private Network

"Details of the tools, techniques and procedures used by the hackers behind the RSA security breach have been revealed in a research paper (PDF) published by Australian IT security company Command Five. The paper also, for the first time, explains links between the RSA hack and other major targeted attacks. This paper is a vendor-neutral must-read for any network defenders concerned by the hype surrounding 'Advanced Persistent Threats.'"